On 01/18/2016 01:34 PM, P J P wrote:
> +-- On Mon, 18 Jan 2016, Jason Wang wrote --+
> | > +if (size > sizeof(rxbuf) - sizeof(crc_val)) {
> | > +size = sizeof(rxbuf) - sizeof(crc_val);
> | > +}
> | > +bytes_to_copy = size;
> | > +
> |
> | We probably need more
+-- On Mon, 18 Jan 2016, Jason Wang wrote --+
| > +if (size > sizeof(rxbuf) - sizeof(crc_val)) {
| > +size = sizeof(rxbuf) - sizeof(crc_val);
| > +}
| > +bytes_to_copy = size;
| > +
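Review bot: the clamp 'size = sizeof(rxbuf) - sizeof(crc_val);' silently shortens an oversized frame, and processing then continues with 'bytes_to_copy = size', so nothing records that part of the packet was discarded. Consider dropping the frame or logging the event instead of truncating it. A short comment stating which upper bound on 'size' the caller already guarantees, and why 'sizeof(rxbuf) - sizeof(crc_val)' is the right limit for the copy, would also help.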
|
| We probably need more checks, is there any guarantee that size <= 2048?
| If
On 01/15/2016 03:00 PM, P J P wrote:
> From: Prasad J Pandit
>
> While receiving packets in 'gem_receive' routine, if Frame Check
> Sequence (FCS) is enabled, it copies the packet into a local
> buffer without checking its size. Add check to validate packet
> length against the buffer size to avo
From: Prasad J Pandit
While receiving packets in 'gem_receive' routine, if Frame Check
Sequence (FCS) is enabled, it copies the packet into a local
buffer without checking its size. Add check to validate packet
length against the buffer size to avoid buffer overflow.
Reported-by: Ling Liu
Signed